General
-
Target
0fb0cad98171f42890b726bd68e74da8_JaffaCakes118
-
Size
3.0MB
-
Sample
240625-1x42aawdmf
-
MD5
0fb0cad98171f42890b726bd68e74da8
-
SHA1
93cfc72cdfd3d46aa652be53c5231986c34db736
-
SHA256
3314a3bc9f609c398b705045a9640c296ab9f55c6e3405546002ab175ef2ee1d
-
SHA512
5652781f413e9c653458c410e7dea4d94e777492c94892a78b615e8daf08dcf3587ebc4b68fcb4be34366f0073d7da1e9a4d2336775cf325488502a8f33a0f80
-
SSDEEP
49152:Y0HaRhnuL/0Eyh/mRdJ4DJS3uEPS9gC1/pxVCMBA9cb2lHMseinXBgS:Y/RhuL/zyh/wJy4Pwf1R7PB8C2lsqRgS
Malware Config
Targets
-
-
Target
0fb0cad98171f42890b726bd68e74da8_JaffaCakes118
-
Size
3.0MB
-
MD5
0fb0cad98171f42890b726bd68e74da8
-
SHA1
93cfc72cdfd3d46aa652be53c5231986c34db736
-
SHA256
3314a3bc9f609c398b705045a9640c296ab9f55c6e3405546002ab175ef2ee1d
-
SHA512
5652781f413e9c653458c410e7dea4d94e777492c94892a78b615e8daf08dcf3587ebc4b68fcb4be34366f0073d7da1e9a4d2336775cf325488502a8f33a0f80
-
SSDEEP
49152:Y0HaRhnuL/0Eyh/mRdJ4DJS3uEPS9gC1/pxVCMBA9cb2lHMseinXBgS:Y/RhuL/zyh/wJy4Pwf1R7PB8C2lsqRgS
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-